Vulnerabilities > Mozilla > Firefox ESR

DATE CVE VULNERABILITY TITLE RISK
2024-08-06 CVE-2024-7528 Use After Free vulnerability in Mozilla Firefox
Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free.
network
low complexity
mozilla CWE-416
8.8
2024-08-06 CVE-2024-7529 Unspecified vulnerability in Mozilla Firefox
The date picker could partially obscure security prompts.
network
low complexity
mozilla
6.5
2024-08-06 CVE-2024-7531 Unspecified vulnerability in Mozilla Firefox
Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor.
network
low complexity
mozilla
6.5
2024-06-11 CVE-2024-5690 Information Exposure Through Discrepancy vulnerability in multiple products
By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system.
network
low complexity
mozilla debian CWE-203
4.3
2024-06-11 CVE-2024-5691 Unspecified vulnerability in Mozilla Firefox
By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window.
network
low complexity
mozilla
4.7
2024-01-23 CVE-2024-0741 Out-of-bounds Write vulnerability in multiple products
An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash.
network
low complexity
mozilla debian CWE-787
6.5
2024-01-23 CVE-2024-0742 It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load.
network
low complexity
mozilla debian
4.3
2024-01-23 CVE-2024-0746 A Linux user opening the print preview dialog could have caused the browser to crash.
network
low complexity
mozilla debian
6.5
2024-01-23 CVE-2024-0747 When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy.
network
low complexity
mozilla debian
6.5
2024-01-23 CVE-2024-0749 Origin Validation Error vulnerability in multiple products
A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar.
network
low complexity
mozilla debian CWE-346
4.3